linux.git/net/key, branch v2.6.25 Linux kernel source tree [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24T21:51:51+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2008-03-24T21:51:51+00:00 df9dcb4588aca9cc243cf1f3f454361a84e1cbdb Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix oops by converting to proc_net_*(). 2008-02-27T06:23:31+00:00 David S. Miller davem@davemloft.net 2008-02-27T06:20:44+00:00 d9595a7b9c777d45a74774f1428c263a0a47f4c0 To make sure the procfs visibility occurs after the ->proc_fs ops are setup, use proc_net_fops_create() and proc_net_remove(). This also fixes an OOPS after module unload in that the name string for remove was wrong, so it wouldn't actually be removed. That bug was introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9 ("[KEY]: Clean up proc files creation a bit.") Signed-off-by: David S. Miller <davem@davemloft.net> 
To make sure the procfs visibility occurs after the ->proc_fs ops are
setup, use proc_net_fops_create() and proc_net_remove().

This also fixes an OOPS after module unload in that the name string
for remove was wrong, so it wouldn't actually be removed.  That bug
was introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9
("[KEY]: Clean up proc files creation a bit.")

Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix bug in spdadd 2008-02-14T22:51:38+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2008-02-14T22:51:38+00:00 a4d6b8af1e92daa872f55d06415b76c35f44d8bd This patch fix a BUG when adding spds which have same selector. Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch fix a BUG when adding spds which have same selector.

Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[KEY]: Convert net/pfkey to use seq files. 2008-02-10T07:20:06+00:00 Pavel Emelyanov xemul@openvz.org 2008-02-10T07:20:06+00:00 bd2f747658b303d9b08d2c5bc815022d825a5e3c The seq files API disposes the caller of the difficulty of checking file position, the length of data to produce and the size of provided buffer. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
The seq files API disposes the caller of the difficulty of
checking file position, the length of data to produce and
the size of provided buffer.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[KEY]: Clean up proc files creation a bit. 2008-02-10T07:19:14+00:00 Pavel Emelyanov xemul@openvz.org 2008-02-10T07:19:14+00:00 61145aa1a12401ac71bcc450a58c773dd6e2bfb9 Mainly this removes ifdef-s from inside the ipsec_pfkey_init. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Mainly this removes ifdef-s from inside the ipsec_pfkey_init.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] switch audit_get_loginuid() to task_struct * 2008-02-01T19:04:59+00:00 Al Viro viro@zeniv.linux.org.uk 2008-01-10T09:20:52+00:00 0c11b9428f619ab377c92eff2f160a834a6585dd all callers pass something->audit_context Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
all callers pass something->audit_context

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[XFRM] xfrm_policy_destroy: Rename and relative fixes. 2008-01-28T23:00:46+00:00 WANG Cong xiyou.wangcong@gmail.com 2008-01-08T06:34:29+00:00 64c31b3f76482bb64459e786f9eca3bd0164d153 Since __xfrm_policy_destroy is used to destory the resources allocated by xfrm_policy_alloc. So using the name __xfrm_policy_destroy is not correspond with xfrm_policy_alloc. Rename it to xfrm_policy_destroy. And along with some instances that call xfrm_policy_alloc but not using xfrm_policy_destroy to destroy the resource, fix them. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
Since __xfrm_policy_destroy is used to destory the resources
allocated by xfrm_policy_alloc. So using the name
__xfrm_policy_destroy is not correspond with xfrm_policy_alloc.
Rename it to xfrm_policy_destroy.

And along with some instances that call xfrm_policy_alloc
but not using xfrm_policy_destroy to destroy the resource,
fix them.

Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix skb leak on pfkey_send_migrate() error 2008-01-21T04:31:45+00:00 Patrick McHardy kaber@trash.net 2008-01-21T01:24:29+00:00 d4782c323d10d3698b71b6a6b3c7bdad33824658 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPSEC]: Avoid undefined shift operation when testing algorithm ID 2007-12-20T07:44:29+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-12-20T07:44:29+00:00 f398035f2dec0a6150833b0bc105057953594edb The aalgos/ealgos fields are only 32 bits wide. However, af_key tries to test them with the expression 1 << id where id can be as large as 253. This produces different behaviour on different architectures. The following patch explicitly checks whether ID is greater than 31 and fails the check if that's the case. We cannot easily extend the mask to be longer than 32 bits due to exposure to user-space. Besides, this whole interface is obsolete anyway in favour of the xfrm_user interface which doesn't use this bit mask in templates (well not within the kernel anyway). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
The aalgos/ealgos fields are only 32 bits wide.  However, af_key tries
to test them with the expression 1 << id where id can be as large as
253.  This produces different behaviour on different architectures.

The following patch explicitly checks whether ID is greater than 31
and fails the check if that's the case.

We cannot easily extend the mask to be longer than 32 bits due to
exposure to user-space.  Besides, this whole interface is obsolete
anyway in favour of the xfrm_user interface which doesn't use this
bit mask in templates (well not within the kernel anyway).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPSEC]: Temporarily remove locks around copying of non-atomic fields 2007-11-26T11:07:34+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-11-26T11:07:34+00:00 8053fc3de720e1027d690f892ff7d7c1737fdd9d The change 050f009e16f908932070313c1745d09dc69fd62b [IPSEC]: Lock state when copying non-atomic fields to user-space caused a regression. Ingo Molnar reports that it causes a potential dead-lock found by the lock validator as it tries to take x->lock within xfrm_state_lock while numerous other sites take the locks in opposite order. For 2.6.24, the best fix is to simply remove the added locks as that puts us back in the same state as we've been in for years. For later kernels a proper fix would be to reverse the locking order for every xfrm state user such that if x->lock is taken together with xfrm_state_lock then it is to be taken within it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The change 050f009e16f908932070313c1745d09dc69fd62b

	[IPSEC]: Lock state when copying non-atomic fields to user-space

caused a regression.

Ingo Molnar reports that it causes a potential dead-lock found by the
lock validator as it tries to take x->lock within xfrm_state_lock while
numerous other sites take the locks in opposite order.

For 2.6.24, the best fix is to simply remove the added locks as that puts
us back in the same state as we've been in for years.  For later kernels
a proper fix would be to reverse the locking order for every xfrm state
user such that if x->lock is taken together with xfrm_state_lock then
it is to be taken within it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>